Too much activity

  • Resolved deedeekaye

    (@deedeekaye)


    5 months, 2 weeks ago

    I haven’t seen my question in the FAQ, nor when I search previous threads. When I open my Activity Log Viewer – I see a scary amount of login attempts to my website. They’re all recent, within the last several days and when I pull a couple IP numbers to look, I am getting a few different Country codes so like.. my question is: How do I make sure they can’t get logged in and create havoc? I have Bluehost as my hosting, I’ve contacted them about what I see and they agreed they too saw those attempts, but then referred me to the makers of this plugin for assistance. I use Woocommerce as my online store setup and I’m pretty sure everything is up to date. While I had Bluehost on the line, I asked them to update my PHP as that said it was outdated. I’l take any advice and help please, I’m outside my element with this..

Viewing 4 replies - 1 through 4 (of 4 total)
  • BluehostSupport

    (@bluehostsupport)

    5 months, 2 weeks ago

    Hey @deedeekaye, it’s completely understandable to feel unsettled seeing all those login attempts, especially when they’re coming from different countries. It’s actually super common for WordPress and WooCommerce sites to get a ton of random login attempts, bots just love scanning for sites like ours and trying their luck. It usually isn’t anything personal or targeted, just the reality of running a site that’s visible online.

    It’s great that Bluehost confirmed what you were seeing. Even though they can’t directly manage plugin settings, there are still a few things you can do on your end to keep things secure.

    First, it’s a good idea to use a security plugin alongside your activity log tool. Something like Wordfence or iThemes Security can help block malicious IPs, limit login attempts, and give you alerts when things look suspicious. Just be sure to do your research on the best fit for your setup.

    You can also enable two-factor authentication on your login page, which makes it way harder for anyone to get in even if they guess your password. Changing the default login URL with a plugin like WPS Hide Login is another easy step that helps reduce bot traffic hitting your site.

    And of course, strong passwords are a must. If there are any extra admin users you don’t use, it’s smart to disable or remove them just to keep things tight.

    It sounds like you’re already doing the right things by updating your PHP and staying on top of plugin updates. This kind of stuff can feel overwhelming, but once you put a few of these safeguards in place, it gets a lot more manageable.

    You’re asking the right questions, and you’re on the right track.

    Plugin Support robertabela

    (@robert681)

    5 months, 2 weeks ago

    Hello @deedeekaye

    I second what Bluehost just said – 2FA is a must and then you can always harden the login page with other policies.

    We have free plugins to help you with this and since you are already using WP Activity Log, there is tight integration between all of our plugins.

    For 2FA you should use WP 2FA, and to implement strong password and other login policies you should use Melapress Login Security.

    Thank you for using our plugins. Should you have any other questions, please do not hesitate to ask.

    Thread Starter deedeekaye

    (@deedeekaye)

    5 months, 2 weeks ago

    Thank you both very much – honestly just hearing that this is normal and others fight with this too is reassuring. Switching up the login page is clever, such a great tip – as well as all the other suggestions. thank you!

    Plugin Support robertabela

    (@robert681)

    5 months, 1 week ago

    You are welcome @deedeekaye

    Indeed, you are not the only one seeing all these things. By the way, please do not forget to spare a minute and rate WP Activity Log. These reviews are really helpful to the plugin.

    Thank you and enjoy your day.

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.